(12) United States Patent
Nakahara et al.

US006253225B1

(10) Patent No.: US 6,253,225 B1
(45) Date of Patent: Jun. 26, 2001

(54) PROCESS EXECUTING METHOD AND 
RESOURCE ACCESSING METHOD IN 
COMPUTER SYSTEM 

(75) Inventors: Masahiko Nakahara, Yokohama; Masaaki Iwasaki, Tachikawa; Tadashi Takeuchi; Takahiro Nakano, both of Yokohama; Kazuyoshi Serizawa, Hadano; Shihoko Taguchi, Kawasaki, all of (JP)

(73) Assignee: Hitachi, Ltd., Tokyo (JP) 

( * ) Notice: Subject to any disclaimer, the term of this 
patent is extended or adjusted under 35 
U.S.C. 154(b) by 0 days. 

(21) Appl. No.: 08/917,477 

(22) Filed: Aug. 26, 1997 

(30) Foreign Application Priority Data 

Aug. 28, 1996 (JP) 8-226404 

Dec. 6, 1996 (JP) 8-326499 

(51) Int. Cl.⁷ G06F 9/46

(52) U.S. Cl. 709/100; 709/102; 709/104

(58) Field of Search 710/200, 260, 710/224; 709/231, 107, 100, 101, 102, 103, 104, 108; 395/650, 474, 425; 370/85, 85.5

(56) References Cited

U.S. PATENT DOCUMENTS

4,787,083 * 11/1988 Tanaka 370/85
5,247,675 * 9/1993 Fanell et al 395/650
5,251,317 * 10/1993 Iizuka et al 395/650
5,339,443 * 8/1994 Lockwood 710/200
5,414,848 * 5/1995 Sandage et al 395/650
5,428,525 6/1995 Cappelaere et al 364/140
5,428,761 6/1995 Herlihy et al 395/425
5,515,538 5/1996 Kleiman 710/260
5,553,267 9/1996 Herlihy 395/474
5,566,177 10/1996 Bhandari et al 370/85.5
5,586,318 12/1996 Toutonghi 709/107
5,784,618 7/1998 Toutonghi 709/107
5,790,770 8/1998 McClure 709/231
5,812,844 9/1998 Jones et al 709/104
5,819,280 10/1998 Nagai 707/103
5,925,096 7/1999 Hlasruk et al 709/103

* cited by examiner

Primary Examiner — Majid A Banankhah

(74) Attorney, Agent, or Firm — Antonelli, Terry, Stout & Kraus, LLP

(57) ABSTRACT

A process executing method capable of performing multi- 
processing by using a shared resource without impairing 
periodical drivability of processes designed for executing
continuous media processing. When a process requests the 
use of the shared resource, abortion of that process is first 
disabled by the process itself by using an abort disable 
function and then preemption of the same process is disabled 
by means of a preempt control module, whereupon the 
process enters a processing executed by using the shared 
resource. Upon completion of the processing for the shared 
resource, the process is immediately set to a preempt- 
enabled state by means of a preempt control module. After 
completion of all the processings, the abort-disabled state is 
finally cleared by using a disabled-abort clear function. 
Upon occurrence of forcive termination of a process in the 
abort-disabled state thereof, execution of this process is 
continued until the abort-disabled state is cleared, and the
process is terminated forcibly after the abort-disabled state 
has been cleared. 
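
The ordering the abstract describes, shown as a small single-threaded C simulation. This is an added illustration, not code from the patent; all structure and function names are assumptions, and the step labels in the comments are the allocation steps (1b) to (7b) given later in the description.

```c
/* Added illustration, not text from the patent: single-threaded simulation;
 * all structure and function names are assumptions. */
#include <stdio.h>
#include <stddef.h>
struct res { int initialized; struct res *next; };
struct proc {
    int abort_disabled, abort_pending;  /* interval flag; deferred kill request */
    int preempt_disabled, terminated;
    struct res *alloc_list;             /* what the OS can reclaim at termination */
};
static struct res pool[3], *free_list;  /* constructed pool of three resources */

void pool_reset(void) {
    size_t i;
    for (free_list = NULL, i = 0; i < 3; i++) {
        pool[i].next = free_list;
        free_list = &pool[i];
    }
}

int free_count(void) {
    int n = 0;
    for (struct res *r = free_list; r != NULL; r = r->next)
        n++;
    return n;
}

/* Termination proper: reclaim whatever is chained to the allocation list. */
static void do_terminate(struct proc *p) {
    while (p->alloc_list != NULL) {
        struct res *r = p->alloc_list;
        p->alloc_list = r->next;
        r->next = free_list;
        free_list = r;
    }
    p->terminated = 1;
}

void abort_disable(struct proc *p) { p->abort_disabled = 1; }

/* Returns 1 if the process was terminated now, 0 if the request was deferred. */
int force_terminate(struct proc *p) {
    if (p->abort_disabled) {
        p->abort_pending = 1;
        return 0;
    }
    do_terminate(p);
    return 1;
}

/* Leaving the interval carries out a termination requested in the meantime. */
void abort_clear(struct proc *p) {
    p->abort_disabled = 0;
    if (p->abort_pending) {
        p->abort_pending = 0;
        do_terminate(p);
    }
}

/* Steps (1b)-(7b). kill_during_init models another process requesting forced
 * termination while step (4b) runs with preemption enabled. */
int alloc_resource(struct proc *p, int protect, int kill_during_init) {
    struct res *r;
    if (protect)
        abort_disable(p);
    p->preempt_disabled = 1;              /* (1b) */
    if ((r = free_list) != NULL)          /* (2b) */
        free_list = r->next;
    p->preempt_disabled = 0;              /* (3b) */
    if (r != NULL) {
        r->initialized = 1;               /* (4b) long, preemptible */
        if (kill_during_init)
            force_terminate(p);
        if (!p->terminated) {             /* else r is on no list: lost */
            p->preempt_disabled = 1;      /* (5b) */
            r->next = p->alloc_list;      /* (6b) */
            p->alloc_list = r;
            p->preempt_disabled = 0;      /* (7b) */
        }
    }
    if (protect)
        abort_clear(p);
    return r != NULL && !p->terminated;
}

/* Free-list length after a forced termination arrives during step (4b). */
int free_after_kill(int protect) {
    struct proc p = {0};
    pool_reset();
    alloc_resource(&p, protect, 1);
    return free_count();
}

int main(void) {
    printf("unprotected: %d of 3 free\n", free_after_kill(0));
    printf("protected:   %d of 3 free\n", free_after_kill(1));
    return 0;
}
```

Without the abort-disabled interval one of the three pooled resources ends up on no list after the forced termination; with it the termination is deferred and all three are back on the free list.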

2 Claims, 18 Drawing Sheets 

PROCESS EXECUTING METHOD AND
RESOURCE ACCESSING METHOD IN 
COMPUTER SYSTEM 

BACKGROUND OF THE INVENTION 

The present invention relates to a method of executing 
processes in an operating system controlling a computer 
system and a method of accessing a resource in the computer 
system. More particularly, the invention is concerned with a 
method of executing processes by using a shared resource in 
an operating system providing a multiprocessor or multi- 
processing environment. 

In the operating system capable of providing the multi- 
processing environment for executing a plurality of pro- 
cesses (or tasks) in parallel on a time-division basis, it is 
required to execute the processes while performing mutual 
exclusive control or management so that the resource shared 
among the processes is not simultaneously allocated to a 
plurality of processes. As a means for realizing such mutual 
exclusive management, there is known and widely adopted 
in the operating system (OS) a procedure referred to as "lock 
control". 

In the lock control, a flag indicating that a corresponding shared resource is being used is set for each of the shared resources. When one of the processes is going to perform a processing by using a given one of the shared resources, it is checked whether the flag corresponding to this shared resource is set by any other process. Unless the flag is set by the other process, the given one process can use exclusively the shared resource while setting the flag indicating that the resource is occupied. This operation is typically referred to as "lock or locking" of the shared resource. Upon completion of the processing for the shared resource, the process releases the shared resource while resetting the flag. This operation is referred to as "unlock or unlocking" of the shared resource. On the other hand, when the flag corresponding to the shared resource to be used is set by any other process, the operating system sets the one process requesting the use of this resource to the waiting or standby state until that shared resource has been unlocked.

At this juncture, let's assume that a process 1 of low
priority and a process 2 of high priority are executed in
parallel and that a shared resource A is shared availably by
these two processes. On this assumption, it is further supposed
that the process 1 of low priority has locked the shared
resource A in the course of using a CPU (central processing 
unit) and that the shared resource A has entered into a 
suspended state with the lock being left validated. In that 
case, the process 2 of high priority assigned with the right for 
using the CPU in succession to the process 1 can not use the 
shared resource A, because the resource has been locked by 
the process 1 of low priority. As a consequence, execution in 
succession becomes impossible. 

The problem that the process of high priority is inhibited 
from execution in succession because of the lock secured by 
the process of low priority is referred to as the priority 
inversion problem. Concerning this priority inversion 
problem, reference may be made to "PRIORITY INHER- 
ITANCE PROTOCOLS: AN APPROACH TO REAL- 
TIME SYNCHRONIZATION" in IEEE TRANSACTIONS 
ON COMPUTERS, Vol. 39, No. 9, September 1990, pp. 
1175-1185. In the conventional operating system known 
heretofore, when the priority inversion takes place, the 
dormant process of low priority acquired and locked the 
shared resource is executed with the topmost priority in 
order to unlock the shared resource so that the process of 
high priority can be executed as early as possible. 




On the other hand, the operating system providing the multiprocessing environment is imparted with a function for protecting the resource allocated to a given process against the illegal access attempted by any other process. This function is referred to as the access right control or manage function. The access right control or management now under consideration is based on the presumption that the access right can be set on a process-by-process basis and that a plurality of processes may simultaneously try to access a computer resource. An interface for allowing a user application to call the functions of the operating system is ordinarily provided and known as "system call". In this conjunction, it is noted that when a pointer is used as an argument of the system call, designation of an illegal address by the user application may unfavorably lead to destruction of important data resident in the operating system. To avoid such unwanted situation, an identifier is used as the argument in place of the pointer in typical one of the access right control or management.

In the case of the access right control method in which the identifier is used as the argument in the system call issued by the user application, the operating system is required to translate the identifier to an address in the resource for making access to the resource. In this context, the simplest one of the translation methods is a method in which the hash function is employed. According to this method, an identifier is placed in or assigned to the hash function as a key, whereon the hash value as obtained is used as the address. The access right control method relying on the hash function will be described below.
§1. Configuration 

As is shown in FIG. 1, the operating system assigns a resource identifier 100 to the hash function (F) 101 as a key to acquire as the hash value an index "Index" 102 contained in a resource management data table 104. As is shown in FIG. 2A, resource management data 105 stored in the resource management data table 104 contains an identifier 201, a pointer 205 to a resource 103, a flag 202 indicating presence or absence of a succeeding or next resource management data 106, a pointer 203 to the succeeding resource management data 106, and a pointer 204 to process management data 107.

There may arise such situation that the hash function returns a same index "Index" for different identifiers RID. In that case, collision between the indexes "index" will occur. Accordingly, the second resource management data 106 et seq. are stored in an overflow area with the address of the second or succeeding resource management data 106 being placed in the immediately preceding resource management data 105.

In case the resource is a shared resource, there exist a plurality of processes having respective access rights for the same identifier RID. In that case, the pointers to the second process identifier data 108 et seq. are placed in the immediately preceding process management data 107.

The resource management data 105 is shown in FIG. 2A while the process management data 107 is shown in FIG. 2B. As can be seen in FIG. 2B, the process management data 107 is composed of a process identifier 207, a flag 208 indicating presence or absence of the next process management data, and a pointer 209 to the next process management data. At the end of the user application, it becomes necessary to know the identifier of the process having the access right in order to deallocate the resource occupied by the process. Thus, the operating system is provided with a process-specific resource identifier list 109 in which a resource identifier 110 is entered every time when a corresponding
resource is generated or every time the access right to the shared resource is acquired.

§2. Resource Allocation Processing

FIG. 3 is a flow chart for illustrating a resource allocation processing.

When the system call requesting the resource allocation is issued to the operating system by a user application, the operating system responds thereto by allocating the resource (step 1000). Subsequently, the operating system acquires an identifier RIDx definite in the system (step 1001) and places the identifier RIDx to the hash function as a key. Thus, the index "Index" contained in the resource management data table 104, i.e., the address where the resource management data x is stored is obtained (step 1002). In the case where the resource management data y has already been placed at the leading location of the area designated by the index, i.e., when collision between the indexes occurs (step 1003), the pointers are followed up from one to another (step 1005) so long as the flag 202 indicating presence or absence of the identifier management data 105 assumes a value "ON" (indicating the presence of the resource management data 105) (step 1004). When the resource management data z for which the flag 202 indicating the presence or absence of the succeeding identifier management data is set to "OFF" is found in the course of following or tracing the pointers, then the succeeding identifier management data presence/absence flag 202 is set to "ON" (step 1006). Subsequently, an area for the new resource management data x is allocated to the overflow area (step 1007), whereupon the pointer 203 to the immediately preceding resource management data contained in the resource management data y is placed at the address of the resource management data x (step 1008). When it is found in step 1003 that the succeeding identifier management data is not stored, the area for the resource management data x is assigned to the main area (step 1009).

The process management data 107 is placed in the process management area and the process identifier is stored therein (step 1010). At the same time, the identifier RIDx 207 is stored in the process-specific identifier list 109 (step 1011). The identifier RIDx 201, the pointer 204 to the process management data and the resource pointer 205 contained in the resource management data x 105 are assigned with respective values, whereon the flag 202 indicating the presence or absence of the succeeding resource management data is set to "OFF" state (step 1012). Then, the identifier RIDx is returned to the user application (step 1013).

§3. Resource Access Processing

When the system call indicating a resource access request is issued by the user application to the operating system, the latter executes the processing illustrated in FIG. 4.

The operating system assigns the identifier RIDx which is the argument of the system call to the hash function to obtain the index of the resource management data 105 (step 1100). Subsequently, the identifier RID contained in the resource management data 105 located at the index is compared with the argument RIDx (step 1101). When the values of the identifier RID and the argument RIDx differ from each other and when the flag 202 indicating the presence or absence of the succeeding resource management data in the resource management data 105 is set "ON", i.e., when the succeeding resource management data 105 exists (step 1102), the pointer 203 is followed up to the succeeding resource management data (step 1103), wherein the comparison between the identifier and the argument mentioned above is again performed (step 1101). In the case where the identifiers RID of all the resource management data 105 which can be followed with the pointers do not coincide with the argument RIDx, it is then decided that the resource as requested does not exist in the system whereupon an error message is returned to the user application (step 1104). On the other hand, when coincidence is found between the identifier RID contained in the resource management data 105 and the argument RIDx in the comparison step 1101, then the process identifier PIDx of the process accessing currently the resource is compared with the process identifier PID 207 contained in the process management data 107 (step 1105). When it is found in step 1105 that the values of both the identifiers differ from each other and when the flag 208 contained in the process management data 107 and indicating the presence or absence of the succeeding process management data is "ON" (indicating that the succeeding process management data 107 exists) (step 1106), the succeeding pointer 209 is followed to reach the succeeding process management data (step 1107), whereon the comparison of the process identifiers mentioned above is again performed (step 1105). When the process identifiers PID contained in all the resource management data 105 which can be followed with the aid of the pointers do not coincide with the argument PIDx, it is then decided that the user application issuing the system call has no access right to the resource, wherein an error message is returned to the user application (step 1108).

On the other hand, when the coincidence is found between the process identifier and the argument in step 1105, access to the resource is performed by using the resource address stored in the resource pointer 205 contained in the resource management data 105 (step 1109).

§4. Resource Deallocation Processing

In the case where a system call requesting the deallocation of the resource is issued to the operating system from the user application, then the resource deallocation processing is performed for that resource. Additionally, when deallocation of the resources becomes necessary due to abnormal termination of a process, then the resource deallocation processing is performed for the resources corresponding to all the identifiers contained in the identifier list specific to the process terminated abnormally. The resource deallocation processing will be described below by reference to FIG. 5.

In the first place, the operating system inhibits or blocks the access to all the resources (step 1200) and places the identifier RIDx of the resource to be deallocated in the hash function as a key to obtain the index "Index" of the resource management data 105 (step 1201). Subsequently, the identifier RID contained in the resource management data 105 stored in the area indicated by the index is compared with the key or identifier RIDx (step 1202). When the values of both the identifiers differ from each other and when the flag 202 indicating the presence or absence of the succeeding resource management data is "ON", i.e., when the succeeding resource management data 105 exists (step 1203), the pointer 203 is followed up to the succeeding resource management data (step 1204), whereon the identifier comparison mentioned above is again repeated (step 1202). In case the identifiers RID of all the resource management data 105 which can be followed with the pointers do not coincide with the key or identifier RIDx, it is then decided that the resource as requested does not exist, whereupon an error message is returned to the user application (step 1205).

On the other hand, when coincidence between both the identifiers RID and RIDx is found in the step 1202, the address of the process management data 107 stored in the pointer 204 to the process management data is acquired (step 1206). When the succeeding resource management data 105 exists (step 1207), the resource management data 105 specified by the identifier RIDx is released or unlocked (step
1209) after changing the string of the pointers 203 to the resource management data (step 1208). Subsequently, the pointer acquired in step 1206 is followed and it is checked whether or not the flag contained in the process management data 107 and indicating the presence or absence of the succeeding process management data is "ON" (step 1210). If the flag is "ON", the pointer 209 to the succeeding process management data is acquired (step 1211), whereupon a message indicating that the process management data 107 is released or deallocated and that the identifier RID can no more be used is issued to the user applications, i.e., individual processes (step 1212). On the other hand, when it is indicated in step 1210 that the flag 208 indicating the presence or absence of the succeeding resource management data is "OFF", the final process management data 107 is released or deallocated, wherein the message indicating that the identifier RID can no longer be used is issued to the user application (step 1213), which is then followed by the reopening of the access to all the resources (step 1214).

In conjunction with the method described above, it is noted that even when the index "Index" contained in the resource management data table 104 can be obtained by assigning an illegal identifier RIDz to the hash function as the key, the illegal identifier RIDz can not be found in the resource management data 105 which can be followed or traced with the index. Consequently, no resource address can be obtained, rendering the access impossible. Further, even if the illegal identifier RIDz should be contained accidentally in the resource management data 105 traced with the index, the identifier of the process making access to the resource is not stored in the process management data 107. Consequently, the address of the resource can not be gained. Thus, illegal access can be inhibited or disabled.

Furthermore, in the resource unlock processing, the resource protection can be realized by inhibiting or disabling all the accesses of the user applications to the resource, while illegal access after the resource deallocating can be inhibited by invalidating the identifier, releasing the resource management data and the process management data which can be traced with the index and issuing the message informing the processes of the deallocating of the resource.
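
The access right control of §1 to §4 above, as an added C sketch that is not part of the patent: a chained hash table keyed by resource identifier, each entry carrying the list of process identifiers that hold an access right. The function names, the table size of 8 and the modulo hash are assumptions; with them, identifiers 1 and 9 collide, which exercises the overflow chain.

```c
/* Added illustration, not text from the patent. Names, table size and the
 * modulo hash are assumptions; comments map fields to reference numerals. */
#include <stdio.h>
#include <stdlib.h>
#define TABLE_SIZE 8   /* assumed size of resource management data table 104 */
enum { ACC_OK = 0, ACC_NO_RESOURCE = -1, ACC_NO_RIGHT = -2, ACC_NO_MEMORY = -3 };
struct proc_mgmt {            /* process management data 107 */
    int pid;                  /* process identifier 207 */
    struct proc_mgmt *next;   /* pointer 209; NULL stands for flag 208 "OFF" */
};
struct res_mgmt {             /* resource management data 105 */
    unsigned rid;             /* identifier 201 */
    void *resource;           /* pointer 205 to the resource 103 */
    struct res_mgmt *next;    /* pointer 203; NULL stands for flag 202 "OFF" */
    struct proc_mgmt *procs;  /* pointer 204 to process management data */
};
static struct res_mgmt *table[TABLE_SIZE];
static unsigned next_rid = 1; /* identifiers are issued by the OS, not the caller */

/* Hash the identifier, then follow the overflow chain; returns the link that
 * points at the matching entry (or at NULL when the identifier is unknown). */
static struct res_mgmt **find_slot(unsigned rid) {
    struct res_mgmt **slot = &table[rid % TABLE_SIZE];
    while (*slot != NULL && (*slot)->rid != rid)
        slot = &(*slot)->next;
    return slot;
}

/* Record that pid holds an access right to rid (shared-resource case). */
int res_share(unsigned rid, int pid) {
    struct res_mgmt *r = *find_slot(rid);
    struct proc_mgmt *p;
    if (r == NULL)
        return ACC_NO_RESOURCE;
    if ((p = malloc(sizeof *p)) == NULL)
        return ACC_NO_MEMORY;
    p->pid = pid;
    p->next = r->procs;
    r->procs = p;
    return ACC_OK;
}

/* Section 2: register a resource and hand back only its identifier. */
unsigned res_alloc(int pid, void *resource) {
    struct res_mgmt *r = calloc(1, sizeof *r), **slot;
    if (r == NULL)
        return 0;
    r->rid = next_rid++;
    r->resource = resource;
    slot = find_slot(r->rid);      /* fresh RID: ends at the chain's tail */
    *slot = r;
    if (res_share(r->rid, pid) != ACC_OK) {
        *slot = NULL;
        free(r);
        return 0;
    }
    return r->rid;
}

/* Section 3: the address is released only if both RID and PID match. */
int res_access(unsigned rid, int pid, void **out) {
    struct res_mgmt *r = *find_slot(rid);
    struct proc_mgmt *p;
    if (r == NULL)
        return ACC_NO_RESOURCE;                 /* step 1104 */
    for (p = r->procs; p != NULL; p = p->next)
        if (p->pid == pid) {
            *out = r->resource;                 /* step 1109 */
            return ACC_OK;
        }
    return ACC_NO_RIGHT;                        /* step 1108 */
}

/* Section 4: unlink the entry so the identifier stops resolving. */
int res_free(unsigned rid) {
    struct res_mgmt **slot = find_slot(rid), *r = *slot;
    struct proc_mgmt *p, *n;
    if (r == NULL)
        return ACC_NO_RESOURCE;                 /* step 1205 */
    *slot = r->next;                            /* step 1208: relink chain */
    for (p = r->procs; p != NULL; p = n) {
        n = p->next;
        free(p);
    }
    free(r);
    return ACC_OK;
}

int main(void) {
    static int bufs[9];                         /* constructed sample resources */
    void *addr = NULL;
    for (int i = 0; i < 9; i++)
        res_alloc(100, &bufs[i]);               /* RIDs 1..9; 1 and 9 collide */
    printf("owner 100, RID 9:  %d\n", res_access(9, 100, &addr));
    printf("other 200, RID 9:  %d\n", res_access(9, 200, &addr));
    printf("unissued RID 17:   %d\n", res_access(17, 100, &addr));
    return 0;
}
```

An identifier that hashes to an occupied index but was never issued fails at the RID comparison, and an issued identifier presented by a process without the right fails at the PID comparison, so in neither case is the resource address returned.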

SUMMARY OF THE INVENTION 

In the continuous media processing, operation of a process for processing data such as animation data is accompanied with periodicity. A process scheduling method making use of this feature has already been proposed. For more particulars of this method, reference may be made to Japanese Patent Application No. 8-73673.

In this conjunction, it is noted that the priority inversion problem discussed hereinbefore affects adversely the process scheduling method based on the periodicity mentioned above as well. By way of example, it is assumed that there exist two processes, namely process 1 and process 2, for carrying out the continuous media processing and that there exists a resource A which is shared by these two processes. In that case, when the process 1 and the process 2 attempt to control or manage mutually exclusively the shared resource A by making use of the lock function, there may arise the priority inversion problem, which will impair the periodical drivability of the process.

Further important problem incurred by the priority inversion can be seen in that the process having been locked, bringing about the priority inversion problem, is scheduled with highest preference. Thus, it is safe to say that the priority inversion problem exerts adverse influence even to the periodical drivability of other process partaking in the continuous media processing.

Under the circumstances, in the system designed for 
performing the continuous media processing, there is con- 
ceivable a method of structuring a computer system without 
using any lock at all from the beginning in order to evade the 
priority inversion problem. As a method of realizing the 
exclusive control or mutually exclusive management of the 
process, such process control or management method may 
be conceived in which the process using currently the shared 
resource is allowed to occupy exclusively the CPU (Central 
Processing Unit) or, to say in another way, any other process 
is inhibited or disabled from being scheduled so long as the 
shared resource is being used by a given one of the pro- 
cesses. Such control or managing method can be realized by 
adopting a preempt control method proposed in Japanese 
Patent Application No. 8-97997. Parenthetically, the pre- 
empt control method concerns prevention of a process being 
executed from being temporarily suspended (i.e., 
preempted) by providing interfaces "preempt disabling" and 
"disabled-preempt releasing or clearing", wherein during a 
period intervening between a time point at which the pre- 
empt disabling is validated and a time point at which the 
preempt disabling is cleared (this period may also be 
referred to as the preempt-disabled interval), the process in 
execution is prevented from being preempted and thus can 
continue the execution even when a scheduling request is 
issued from any other process. By virtue of such control, it 
can be ensured that no more than one process can use the 
shared resource at any time. In other words, the exclusive 
control or management of the processes can thus be realized. 

It is however noted that with the control method men- 
tioned above, periodical drivability of the other process may 
be impaired when the process using the shared resource runs 
over a prolonged duration. 

Let's consider, for example, a processing for extracting a 
resource from a free list in which usable resources shared in 
the system are queued, initializing the resource as extracted 
and chaining it to a resource allocation list of a given 
process. In that case, the shared resources which need the 
mutually exclusive control or management are the free list 
and the resource allocation list. 

When the processing mentioned above is to be realized only by setting the preempt-disabled interval, it is then necessary to set the preempt-disabled interval so that it extends from a time point "preceding to contacting the free list" to a time point at which "the resource has been chained to the resource allocation list". To this end, processings (1a) to (5a) mentioned below will have to be carried out.

(1a) Setting the preempt-disabled state.

(2a) Taking out the resource from the free list.

(3a) Initialization of the resource.

(4a) Chaining the resource to the resource allocation list for the processes.

(5a) Clearing the preempt-disabled state as set.

At this juncture, it is noted that the time taken for initialization of the resource is not always short. In fact, time in the order of several ten milliseconds is taken solely for the initialization of a memory upon memory allocation internally of the operating system. Accordingly, when the mutually exclusive control is to be realized only by setting the preempt-disabled interval, as mentioned above, there may arise such situation that a given one process occupies the CPU for an extended time, which will result in degradation in the response performance on the real-time basis, eventually exerting adverse influence to the periodical drivability of the continuous media processing.

As the means for coping with the above problems, the processings mentioned above may be modified or rearranged as follows:

(1b) Setting the preempt-disabled state.

(2b) Taking out the resource from the free list.

(3b) Clearing the preempt-disabled state as set.

(4b) Initializing the resource.

(5b) Setting the preempt-disabled state.

(6b) Chaining the resource to the resource allocation list for the processes.

(7b) Clearing the preempt-disabled state as set.

The above processings can certainly satisfy the necessary condition from the view point of the mutual exclusive control or management. Besides, the duration of the preempt-disabled interval can be reduced to ca. 10 μsec., while in the resource initialization processing (4b), the right of using the CPU can be transferred to other process. Thus, the real-time response performance of the system can be improved. Unfavorably, however, there may arise a problem when the process executing the resource initialize processing (4b) is externally forced to terminate in the course of executing this processing.

In general, most of computer systems are equipped with a function for stopping externally process execution for coping with overrunning of a program. Accordingly, when the process executing the processings mentioned above is forced to terminate by other process by resorting to the forcive terminate function mentioned above, then the resource initialized by the processing (4b) may become a free resource belonging to none of the management lists. As the result of this, such situation may arise in which the operating system can not recover the resource when the process is terminated, which in turn means that the resource used by the process terminated forcibly becomes unusable for ever. In order to evade this problem, there may be conceived a method of initializing the resource in the state where the resource is chained to the free list or the resource allocation list. In that case, however, the duration of the preempt-disabled interval period is substantially equal to that of the preempt-disabled period covering the whole processings described hereinbefore. As another method, it is equally conceivable to prepare separately a list for managing the resources under initialization, wherein the resource undergoing the processing (4b) is chained to this list. However, this method is disadvantageous in that overhead involved in the initialization processing increases because of an increased number of times the list-chain changing processing has to be performed.

In the light of the state of the art described above, the inventor of the present application has developed a process executing method which is capable of processing the shared resource without affecting adversely the periodical drivability of the continuous media processing by making use of the preempt control method.

Accordingly, it is a first object of the present invention to provide a process executing method for executing processes which use a shared resource in a computer system designed for continuous media processing.

According to the teaching of the invention, it is declared by the process in precedence to the use of the shared resource that the process is not forcibly terminated. Parenthetically, in the description which follows, expression "process is not aborted" or the like is used, which means that the process is not forcibly terminated, and prevention of the process from being forcibly terminated is expressed as "abort disabling" or the like. Thus, "the state in which a process is prevented from being aborted" may be expressed as "abort-disabled state" or the like. Additionally, the process is "preempt-disabled", which means that the process is [...] against [...] or suspension of the processing or task executed by that process. At the end of the use of the shared resource, the process is cleared from the preempt-disabled state. Upon completion of all the processings for the shared resource, it is declared by the process that it may be forcibly terminated, which is expressed as "clearing the process from the abort-disabled state" or simply as "clearing of the abort-disabled state" or so. Further, the time period [...] intervening between the abort-disable declaration and the abort-disabled state clearing declaration [...] "abort-disabled interval". When a request for the forcive termination of a process is issued during the abort-disabled period or interval, execution of the process is continued until the processing to be executed during the abort-disabled period has been completed. When the abort-disabled state is cleared, the process is forcibly terminated.

In a preferred mode for carrying out the invention, a sole process dedicated for coping with such situation that the shared resource is used by a process over a prolonged duration is provided in the system. Further, for sending the requests for using the shared resource to the sole process, there is provided a queue. The other process destined for performing the continuous media processing issues a shared resource use request to the sole dedicated process before starting the periodical driving, and upon completion of the processing for the shared resource, the periodical driving is validated. The request mentioned above is registered in the queue. Provision of such dedicated process can ensure that it is always only one process in the system that can perform the processing for the shared resource. Thus, the processing for the shared resource can be effectuated in the preempt-enabled state, which in turn means that the processing for the shared resource can be executed in parallel with the periodically driven process or processes.

By virtue of combinations of the two process executing methods mentioned above, a plurality of processes which use the shared resource can be executed without exerting any noticeable adverse influence to the processes driven periodically in the multiprocessing environment in which a plurality of processes can run in parallel with one another.

On the other hand, in the case of the method according to which the identifier is placed in or assigned to the hash function as a key to determine the index "Index" of the resource management data containing the address of the resource for making access to the resource, there arise problems mentioned below in executing such processing which has to process a large amount of data at a high speed on a real-time basis while allocating a CPU time at every predetermined interval as in the case of the multi-media data processing.

(1) When a plurality of processes make simultaneous access to one data, collision of the hash values will take place in the accessing method using the hash function, which makes it necessary to search the overflow area while following pointers until the identifier of the resource as searched is found.

Further, when the identifier is found, it is necessary to search the process management data by following with the pointers until the process identifier is found in order to check whether or not the process attempting to make access to the
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shared resource has really the access right (i.e., the right of FIG. 3 is a flow chart for illustrating a conventional 

accessing the resource). Consequently, overhead involved in resource allocation processing; 

the processing increases considerably while the time taken piG. 4 is a flow chart for illustrating a conventional 

for the memory access becomes too long to be useful for reS ource access processing; 

effective reproduction of the data. c ^„ _ . „ . 

/<*\ t *u . • u- u *u r «* i 1 *u FIG. 5 is a flow chart for illustrating a conventional 

(2) In the system in which the user application unlocks the , „ - & 

x ' J t , f r c t1 . . resource deallocation processing; 

resource, the operating system has to follow or trace the r to 

pointers of all the process management data in order to nG 6 1S a schematic diagram showing a group of 

acquire the identifier of the process using the resource and modules and data required for carrying out the method 

release the process management data as found while mes- 0 according to the embodiment of the present invention; 

saging to the individual processes that the resource can not FIG. 7 is a flow chart for illustrating a processing proce- 

be used. During the period for the search mentioned above dure carried out according to the embodiment of the inven- 

and for the execution of succeeding processings, all the tion shown in FIG. 6; 

accesses from the user applications to the resource are FIG. 8 is a flow chart illustrating a processing procedure 

disabled or inhibited. Consequently in the case where the of an abort disable (21) showQ - n pjQ 6 

resource deallocation processing takes place and in the 10 A . , .„ . 

system in which there exist a plurality of processes to be f FIG 9 15 a ^w chart illustraUng a processing procedure 

processed on a real time basis, overhead involved in search- of a P^empt disabling function (32) shown in FIG. 6; 

ing the processes sharing the resource to be deallocated and FIG. 10 is a flow chart illustrating a processing procedure 

executing the succeeding deallocation processing will of a disabled-preempt clear function (33) shown in FIG. 6; 

increase considerably. In that case, the real-time processing 20 fig n j s a fl ow cnar ( illustrating a processing procedure 

is very difficult to realize or rendered impossible. 0 f a disabled-abort clear function (22) shown in FIG. 6; 

In the light of the foregoing, it is a second object of the pic. 12 is a schematic diagram showing modules 

present invention to provide an accessing method which is cmp i oy cd in carrying out the process executing method 

capable of reducing the overhead involved in the translation accordmg to another embo diment of the invention; 

between the identifier and the address while sustaining the 25 ~ T ^, 7- . a r 

access right control function of the conventional method and ^ 13 f a flow ^ for illiistrating a processing 

decreasing the time or period during which the access to the Procedure of processes (210-212) shown in FIG. 12; 

shared resource for executing the process terminating pro- FIG. 14 is a flow chart for illustrating a processing 

cessing is disabled. procedure performed by a processing request messaging 

For achieving the above and other objects which will 30 module (300) shown in FIG. 12; 

become apparent as description proceeds, it is taught accord- FIG. 15 is a flow chart for illustrating a processing 

ing to an aspect of the present invention that an identifier procedure performed by a serializer process module (220); 

composed of address information and generation identifying FIG. 16 is a flow chart for illustrating processings per- 

information of a resource is assigned to a resource upon formed by processing completion messaging module 

generation thereof and at the same time the generation 35 (310-312) shown in FIG. 12; 

identifying information is stored at a leading location of the pjos. 17A, 17B and 17C are views showing schemati- 

resource. The generation identifying information is cally major structural components partaking in the control or 

extracted from an identifier transferred as an argument of a management of access right' 

system call issued by a user application upon making access HQ _ lg ^ a flow ^ for ' j^,^ generally a flow of 

to the resource. The extracted generation identifying infer- 40 resource access processing; 

mation is compared with the generation identifying infor- „ T ^, - ft . « , c , . 

. j • 4 l r*u 1 j 1 ** fu c FIG. 19 is a flow chart for illustrating schematically a 

mation stored in the resource at the leading location thereof. „ & J 

A , . 1* 1 1 • «j r-j resource allocation processing; 

Access to the resource is enabled when coincidence is found r & ' 

between both the generation identifying information while FIG - 20 * a flow chart for illustrating a generation 

disabled when discrepancy is found between both the gen- 45 identifying information creating (make_idinf) processing; 

eration identifying information. In this way, the access right FIG. 21 is a flow chart for illustrating a resource area 

to the resource can be controlled solely by comparing both acquisition (alloc_id) processing; 

the generation identifying information. FIG. 22 is a flow chart for illustrating a identifier creating 

The above and other objects, features and attendant (make_id) processing; 

advantages of the present invention will more easily be 50 FIG. 23 is a flow chart for illustrating a resource access 

understood by reading the following description of the processing; and 

preferred embodiments thereof taken, only by way of FIG. 24 is a flow chart for illustrating a resource deallo- 

example, in conjunction with the accompanying drawings. cation processing. 

BRIEF DESCRIPTION OF THE DRAWINGS DESCRIPTION OF THE PREFERRED 

In the course of the description which follows, reference EMBODIMENTS 

is made to the drawings, in which: Now, the present invention will be described in detail in 

FIG. 1 is a schematic diagram for illustrating a conven- conjunction with what is presently considered as preferred 

tional scheme for controlling access right to a shared or typical embodiments thereof by reference to the drawings, 

resource in a multiprocessor computer system known here- 60 In the following description, like reference characters des- 

tofore; ignate like or corresponding parts throughout the several 

FIG. 2A is a view for illustrating schematically a structure views, 

of resource management data employed for resource man- FIG. 6 shows schematically a set of modules and data 

agement in a computer system; required for carrying out a method according to an embodi- 

FIG. 2B is a view for illustrating schematically a structure 65 ment of the present invention, 

of process management data employed for process manage- In the figure, reference numeral 10 denotes a process 

ment in the computer system; management table 10 for controlling or managing processes. 
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In the process management table 10, there are held an abort 
request flag U, an abort-disabled flag 12, a counter 13 for 
counting abort disablings nested. Further, reference numeral 

20 denotes a process management module for controlling or 
managing processes, 21 designates an interface function for 5 
setting the abort disabling, 22 denotes an interface function 
for clearing the abort disabling, and 200 denotes a process 
which requires the processing for a shared resource. 
Furthermore, reference numeral 40 denotes a function which 
uses a shared resource provided in the process 200 and 10 
which holds work areas 23 and 37. Additionally, reference 
numeral 30 denotes a preempt control module which is 
based on the teaching of the invention disclosed in Japanese 
Patent Application No, 8-97997. More specifically, the pre- 
empt control module 30 includes a scheduler 31, a preempt 15 
disable function 32, a disabled-preempt clear function 33, a 
scheduling request flag 34, a preempt-disabled flag 35 and a 
counter 36 for counting the preempt disablings nested. 

FIG. 7 is a flow chart for illustrating a flow of controls for the
abort disabling and the preempt disabling in a process for realizing a
feature of the present invention. When processing relating to the
shared resource is to be executed, the function 40 included in the
process 200 destined for executing the above-mentioned processing
initially inhibits its own process from being aborted by using the
abort disable function 21 (step 1300). Immediately before using the
shared resource, the function 40 inhibits its own process from being
preempted by using the preempt disable function 32 held in the preempt
control module 30 (step 1301), whereupon the processing which makes use
of the shared resource is executed (step 1302). Upon completion of the
processing for the shared resource, the disabled preempt is
instantaneously released or cleared with the aid of the
disabled-preempt clear function 33 held in the preempt control module
30 (step 1303). At this juncture, it should be mentioned that setting
of the preempt-disabled interval (or preempt-disabled section in light
of the control flow) extending from the preempt disabling to the
disabled-preempt clearing (corresponding to the section extending from
step 1301 to step 1303) is limited to such processing for the shared
resource which is terminated within a time exerting no adverse
influence to the periodical driving performance, e.g. a time not longer
than 10% of a minimum time required for managing the periodical
driving. During the period preceding the subsequent declaration of the
preempt disabling, there prevails a preempt-enabled state in which
processing that requires a relatively long time, such as initialization
of the allocated resource, is executed (step 1304). During this period,
execution of the process 200 may be temporarily interrupted (or
suspended) while allowing other processes to be scheduled. When the
processing for the shared resource becomes necessary again, the process
200 sets itself once more to the preempt-disabled state (step 1305).
When the processing for the shared resource (step 1306) comes to an
end, the preempt disabling is released or cleared (step 1307). Upon
completion of all the processings, the abort disabling is cleared
finally by resorting to the use of the disabled-abort clear function 22
(step 1308).

In the case of the example illustrated in FIG. 7, the preempt-disabled
interval makes appearance twice during the period extending from the
abort disabling to the disabled-abort clearing. In actual applications,
the number of such preempt-disabled intervals may be three or more.

FIG. 8 is a flow chart illustrating in detail an internal processing of
the abort disabling procedure (1300) mentioned above by reference to
FIG. 7. Execution of the processing shown in FIG. 8 is effectuated by
using the abort disable function 21. To this end, the abort disable
function 21 checks at first whether the abort-disabled flag 12 held in
the process management table 10 managing the process 200 is in the
OFF-state or not (step 1400). When the abort-disabled flag 12 is OFF,
then the abort disable function 21 sets the abort-disabled flag 12 to
the ON-state (step 1401). Subsequently, the abort disable function 21
increments the value of the counter 13 by one (step 1402). The
procedure shown in FIG. 8 is indivisible in execution thereof.

FIG. 9 is a flow chart illustrating in detail internal 
processing of the preempt disabling procedure (1301, 1305) 
mentioned above by reference to FIG. 7. The processing 
shown in FIG. 9 is executed by means of the preempt disable 
function 32 shown in FIG. 6. At first, the preempt disable 
function 32 checks whether the preempt-disabled flag 35 
held in the preempt control module 30 is in the OFF-state or 
not (step 1500). When the preempt-disabled flag 35 is OFF, 
then the preempt disable function 32 sets the preempt- 
disabled flag 35 to the ON-state (step 1501). Subsequently, 
the preempt disable function 32 increments the value of the 
counter 36 by one (step 1502). The whole procedure shown 
in FIG. 9 is executed indivisibly.

FIG. 10 is a flow chart illustrating in detail internal 
processing of the disabled-preempt clearing procedure 
(1303, 1307) mentioned above by reference to FIG. 7. 
Execution of the processing shown in FIG. 10 is in charge 
of the disabled-preempt clear function 33 shown in FIG. 6. 
At first, the disabled-preempt clear function 33 checks 
whether or not the nest value (described hereinafter) of the 
function transferred as the first argument coincides with the 
value of the counter 36 (step 1600). Unless coincidence is 
found, then an abnormality processing is carried out. On the 
other hand, when the coincidence is found, the value of the 
counter 36 incorporated in the preempt control module 30 is 
decremented by one (step 1601). When the value of the 
counter 36 resulting from the decrementation is positive 
(plus), then the processing is terminated intact (step 1602). 
On the contrary, in case the value of the counter 36 is zero 
or negative (minus), the preempt-disabled flag is set to the 
OFF-state (step 1603). Subsequently, the scheduling request 
flag 34 held internally of the preempt control module 30 is 
checked (step 1604). When this flag is OFF, then the 
processing is terminated. On the other hand, when the 
scheduling request flag 34 is in the ON-state, the scheduler 
31 is activated (step 1605) to thereby validate the execution 
of the scheduling processing for the process. 

FIG. 11 is a flow chart illustrating in detail internal 
processing of the disabled-abort clearing procedure (1308) 
mentioned above by reference to FIG. 7. The processing 
shown in FIG. 11 is executed with the aid of the disabled- 
abort clear function 22 shown in FIG. 6. At first, the 
disabled-abort clear function 22 checks whether or not the 
nest value (described hereinafter) of the function transferred 
as the first argument coincides with the value of the counter 
13 (step 1700). Unless coincidence is found, then an abnor- 
mality processing is performed. On the other hand, when 
coincidence is confirmed, the value of the counter 13 incor- 
porated in the process management table 10 managing the 
process 200 is decremented by one (step 1701). When the 
value of the counter 13 resulting from the decrementation is 
positive (plus), the processing is terminated intact (step 
1702). By contrast, in case the value of the counter 13 is zero 
or negative (minus), the abort-disabled flag is set to the 
OFF-state (step 1703). Subsequently, the abort request flag 
11 held internally of the process management table 10 is 
checked (step 1704). When this flag is OFF, then the
processing is terminated. On the other hand, when the abort
request flag 11 is ON, the process management module 20 
is activated (step 1705) to thereby validate the execution of 
the abort processing for the process 200. 

Furthermore, in case the processing shown in FIG. 11 is
terminated in the OFF-state of the abort request flag 11, the 
process management module 20 activates the scheduler 31 
incorporated in the preempt control module 30 to perform 
the process rescheduling processing. 

Referring to FIG. 6, the interval or period during which the
abort-disabled flag 12 remains in the ON-state, i.e., the period from a
time point at which the abort disable function 21 is called to set the
abort-disabled flag 12 to the ON-state to a time point at which the
disabled-abort clear function 22 is called to set the abort-disabled
flag 12 to the OFF-state, represents the abort-disabled interval. The
abort-disabled flag 12 is in the OFF-state when the process is created
or generated and is set to the ON-state only when the abort disable
function 21 is called. In case the forcible termination of the process
200 occurs during the abort-disabled interval during which the
abort-disabled flag 12 remains in the ON-state as set by the abort
disable function 21 called by the process 200, the process management
module 20 executes only the processing for setting the abort request
flag 11 to the ON-state while allowing the processing of the process
200 to be continued. The forcible termination of the process 200 is
validated when the abort-disabled flag 12 is set to the OFF-state by
the disabled-abort clear function 22 called by the process 200.

Further, referring to FIG. 6, the interval or period during which the
preempt-disabled flag 35 remains in the ON-state, i.e., the period
extending from a time point at which the preempt disable function 32 is
called to set the preempt-disabled flag 35 to the ON-state to a time
point at which the disabled-preempt clear function 33 is called to set
the preempt-disabled flag 35 to the OFF-state, represents the
preempt-disabled interval. The preempt-disabled flag 35 is in the
OFF-state when the system is activated and is set to the ON-state only
when the preempt disable function 32 is called. In case the scheduling
request for the other process(es) occurs during the interval in which
the preempt-disabled flag 35 remains in the ON-state as set by the
preempt disable function 32 called by the process 200, the scheduler 31
executes only the processing for setting the scheduling request flag 34
to the ON-state while allowing the processing of the process 200 to be
continued without scheduling the other process(es). When the
preempt-disabled flag 35 is set to the OFF-state by the
disabled-preempt clear function 33 called by the process 200, the
scheduler 31 sets the scheduling request flag to the OFF-state and
suspends the execution of the process 200 while allowing other
processes to be scheduled.

Referring to FIG. 7, in the interval or section extending from step
1301 to step 1303 and in the interval or section extending from step
1305 to step 1307, the preemption is disabled, which in turn means that
the right of using the CPU (Central Processing Unit) is never
transferred to other process. Thus, it is only the running process that
can use the shared resource. In other words, any other process is
inhibited from using the shared resource, whereby the exclusive control
or management of the resource can be realized, which makes it possible
to perform the continuous media multiprocessing using the shared
resource. Additionally, because abortion is disabled during the
interval spanning over steps 1300 to 1308, no process which has
acquired the resource is caused to vanish due to the forcible
termination. Thus, the
resource is positively prevented from falling in such state
that it can not be utilized for an indefinite period.

The abort disabling as well as the disabled-abort clearing is
effectuated through the medium of interfaces mentioned below,
respectively.
<Function Name>

abort_disable(*level)
<Argument>

level: the depth of the nest formed by a pair of the instant function
now under consideration and the function "abort_enable" is returned.
<Elucidation>

The function now of concern can make the currently executed process
transit to the abort-disabled state. This function and the function
"abort_enable" may be issued in a pair during the section or period
spanning over the transition to the abort-disabled state in response to
the issuance of this function and the restoration to the abort-enabled
state in response to the issuance of the function "abort_enable". This
means that the pair of the function now of concern and the function
"abort_enable" can be nested. The function now of concern and the
function "abort_enable" issued internally of the nest make no state
transition between the abort-disabled state and the abort-enabled
state. The argument "level" reflects the depth of such nested state.
<Function Name>

abort_enable(level)
<Argument>

level: the level of the nest returned from the function "abort_disable"
which constitutes the counterpart to be paired with the instant
function is designated.
<Elucidation>

The function of concern can make the currently executed process be
restored to the abort-enabled state. The function now of concern (i.e.,
"abort_enable") and the function "abort_disable" may be issued in a
pair during the section or period spanning over the transition to the
abort-disabled state in response to the issuance of the function
"abort_disable" and the restoration to the abort-enabled state in
response to the issuance of the instant function. This means that the
pair of the function "abort_disable" and the function now of concern
"abort_enable" can be nested. The function "abort_disable" and the
function now of concern issued internally of the nest make no state
transition between the abort-disabled state and the abort-enabled
state. The argument "level" designates or represents the depth of such
nest, i.e., the value of "level" due to the issuance of the counterpart
function "abort_disable". This value is held by the operating system as
well. Thus, upon discrepancy of this value with the depth of the nest
specified by the argument, the so-called error return takes place.

When the function 40 included in the process 200 uses the 
abort disable function 21, the function 40 stores in its own 
work area 23 the current depth of the nest returned from the 
abort disable function 21. For issuing the disabled-abort 
clear function 22, the value stored in the work area 23 is 
designated or specified as the argument of the function 40. 
The disabled-abort clear function serves to compare the 
value mentioned above with the current depth of the nest to 
validate the error return unless coincidence is found between 
both the values mentioned above. By virtue of this function, 
it is possible to detect easily such a programming bug that 
the disabled-abort clear function which is to constitute the
counterpart of the abort disable function in a pair, is absent. 

The preempt disable processing and the disabled-preempt clearing
processing can be carried out by making use of the preempt disabling
interface and the disabled-preempt clearing interface disclosed in
Japanese Patent Application No. 8-97997 mentioned hereinbefore. Namely,
the following interfaces are employed.
<Function Name>

preempt_disable(*level)
<Argument>

level: the depth of the nest formed by a pair of the instant function
now of concern (i.e., "preempt_disable") and the function
"preempt_enable" is returned.
<Elucidation>

The function now of concern makes the currently executed process
transit to the preempt-disabled state. This function "preempt_disable"
and the function "preempt_enable" may be issued in a pair during the
section or interval intervening between the transition to the
preempt-disabled state in response to the issuance of this function and
the restoration to the preempt-enabled state in response to the
issuance of the function "preempt_enable". This means that the pair of
the function now of concern and the function "preempt_enable" can be
nested. The function now of concern and the function "preempt_enable"
issued internally of the nest make no state transition between the
preempt-disabled state and the preempt-enabled state. The argument
"level" reflects the depth of such nest.
<Function Name>

preempt_enable(level)
<Argument>

level: the level of the nest returned by the function "preempt_disable"
which is to constitute a counterpart of the pair of the instant
function is designated.
<Elucidation>

The function of concern can make the currently executed process restore
to the preempt-enabled state. The function "preempt_disable" and this
function may be issued in a pair during the interval or period spanning
over the transition to the preempt-disabled state in response to the
issuance of the function "preempt_disable" and the restoration to the
preempt-enabled state in response to the issuance of this function.
This means that the pair of the function "preempt_disable" and the
function of concern can be nested. The function "preempt_disable" and
the function now of concern issued internally of the nest make no state
transition between the preempt-disabled state and the preempt-enabled
state. The argument "level" designates the depth of such nest, i.e.,
the value of "level" obtained due to the issuance of the counterpart
function "preempt_disable". The depth of the nest is held by the
operating system as well. Thus, upon discrepancy of this value with the
depth of the nest specified by the argument, the so-called error return
takes place.

When the function 40 included in the process 200 uses the preempt
disable function 32, the function 40 stores in its own work area 37 the
current depth of the nest returned from the preempt disable function
32. For issuing the disabled-preempt clear function 33, the value
stored in the work area 23 is designated or specified as the argument
of the function 40. The disabled-preempt clear function serves to
compare the value mentioned above with the current depth of the nest to
thereby validate the error return unless coincidence is found between
both the values mentioned above. By virtue of this function, such a
programming bug can easily be detected that the disabled-preempt clear
function which is to constitute the counterpart of the preempt disable
function in a pair is absent.
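
The nesting counter, deferred request flag and level check described for abort_disable/abort_enable and preempt_disable/preempt_enable can be modelled with one small structure that serves both pairs. This is an added example, not code from the patent: the `gate` structure, its field and function names and the two injected request points are assumptions, and the indivisibility the text requires is only noted in a comment.

```c
#include <stdbool.h>
#include <stdio.h>

/* One "gate" models either pair described above (names are assumptions):
 *   abort gate:   abort-disabled flag 12, counter 13, abort request flag 11
 *   preempt gate: preempt-disabled flag 35, counter 36, scheduling request flag 34 */
struct gate {
    bool disabled;  /* flag 12 / flag 35 */
    int  nest;      /* counter 13 / counter 36 */
    bool pending;   /* request flag 11 / request flag 34 */
    int  fired;     /* requests actually carried out */
};

enum gate_rc { GATE_OK = 0, GATE_ERR_NEST = -1 };

/* FIG. 8 / FIG. 9: set the flag if OFF, bump the counter, return the depth.
 * The text requires this to be indivisible; a kernel would mask interrupts. */
static void gate_disable(struct gate *g, int *level)
{
    if (!g->disabled)
        g->disabled = true;
    *level = ++g->nest;
}

/* FIG. 10 / FIG. 11: the caller hands back the depth it was given. */
static enum gate_rc gate_enable(struct gate *g, int level)
{
    if (level != g->nest)
        return GATE_ERR_NEST;   /* "abnormality processing": unbalanced pair */
    if (--g->nest > 0)
        return GATE_OK;         /* still inside an outer pair: no state change */
    g->disabled = false;
    if (g->pending) {           /* a request arrived while disabled: act now */
        g->pending = false;
        g->fired++;
    }
    return GATE_OK;
}

/* An abort (or scheduling) request raised elsewhere in the system.
 * Returns true if carried out at once, false if only the request flag was set. */
static bool gate_request(struct gate *g)
{
    if (g->disabled) {
        g->pending = true;
        return false;
    }
    g->fired++;
    return true;
}

struct fig7_trace {
    bool sched_deferred;    /* scheduling request during step 1302 held back */
    int  sched_after_1303;  /* ...and honoured once preemption was re-enabled */
    bool abort_deferred;    /* abort request during step 1304 held back */
    int  abort_before_1308;
    int  abort_after_1308;
};

/* Walk the FIG. 7 sequence; the two request injection points are constructed. */
static struct fig7_trace run_fig7(void)
{
    struct gate abort_gate = {0}, preempt_gate = {0};
    struct fig7_trace t = {0};
    int a_level, p_level;                              /* work areas 23 and 37 */
    gate_disable(&abort_gate, &a_level);               /* step 1300 */
    gate_disable(&preempt_gate, &p_level);             /* step 1301 */
    t.sched_deferred = !gate_request(&preempt_gate);   /* during step 1302 */
    gate_enable(&preempt_gate, p_level);               /* step 1303 */
    t.sched_after_1303 = preempt_gate.fired;
    t.abort_deferred = !gate_request(&abort_gate);     /* during step 1304 */
    gate_disable(&preempt_gate, &p_level);             /* step 1305 */
    gate_enable(&preempt_gate, p_level);               /* step 1307 */
    t.abort_before_1308 = abort_gate.fired;
    gate_enable(&abort_gate, a_level);                 /* step 1308 */
    t.abort_after_1308 = abort_gate.fired;
    return t;
}

/* The bug the level argument catches: the inner enable is missing, so the
 * outer enable presents depth 1 while the counter still holds 2. */
static enum gate_rc missing_inner_enable(void)
{
    struct gate g = {0};
    int outer, inner;
    gate_disable(&g, &outer);
    gate_disable(&g, &inner);   /* gate_enable(&g, inner) was forgotten */
    return gate_enable(&g, outer);
}

int main(void)
{
    struct fig7_trace t = run_fig7();
    printf("sched deferred=%d honoured=%d\n", t.sched_deferred, t.sched_after_1303);
    printf("abort deferred=%d before=%d after=%d\n", t.abort_deferred,
           t.abort_before_1308, t.abort_after_1308);
    printf("missing inner enable rc=%d\n", missing_inner_enable());
    return 0;
}
```

While the abort gate is held, a termination request is only recorded, so a pair that is never closed leaves the process unabortable; the level check is what surfaces that mistake at the first mismatched call.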

Next, description will turn to an embodiment of the 
invention which is directed to a method of executing a 
process using a shared resource in the case where the shared 
resource is used for a prolonged duration.

In the process executing method according to the instant embodiment of
the invention, a periodically driven process performs the processing
for acquiring the resource as required, by using the process executing
method described below, while it is in the state not yet periodically
driven, i.e., in precedence to the start of the periodical driving.
After completion of the above processing, the process starts to be
driven periodically. Once the periodical driving has been started, no
processing is performed for acquiring the resource in the process
executing method described below.

FIG. 12 shows modules which are required for carrying 
out the process executing method according to the instant 
embodiment of the invention. 

In FIG. 12, reference numerals 210 to 212 denote, 
respectively, those processes which are requesting use of the 
shared resource, and numeral 220 denotes the sole process 
that is authorized to perform the processing for a specific 
shared resource. This process 220 will hereinafter be called 
the serializer process. The serializer process 220 is resident 
within the system. A numeral 300 denotes a processing 
request messaging module for messaging to the serializer 
process 220 the processing requests issued by the processes 
210 to 212, respectively. In correspondence to the serializer 
process 220, the sole processing request messaging module 
300 is provided and constantly resident within the system as 
in the case of the process 220. Reference numerals 310 to 
312 denote, respectively, processing completion messaging 
modules for transferring the process completion message 
from the serializer process 220 to the processes 210 to 212, 
wherein the processing completion messaging modules 310 
to 312 are assigned to the processes 210 to 212, respectively, 
upon generation thereof or upon issuance of the processing 
request therefrom. The processing request messaging mod- 
ule 300 and the processing completion messaging modules 
310 to 312 have internally queues 400, 410 to 412, respec- 
tively. 

Next, processings executed in the system shown in FIG. 
12 will be described by reference to flow charts shown in 
FIGS. 13 to 16. 

FIG. 13 is a flow chart for illustrating a processing 
executed by each of the processes 210 to 212 which need the 
processing for the shared resource. More specifically, each 
of the processes 210 to 212 issues a processing requesting 
message to the processing request messaging module 300 
for requesting the processing of the serializer process 220 
which is capable of accessing the shared resource (step 
1800). The process 210 or 211 or 212 which has issued the 
processing request is immediately set to the state waiting for 
reception of the processing completion message from the 
associated one of the processing completion messaging 
modules 310 to 312 after completion of the processing 
request message. When the processing completion is 
informed from the processing completion messaging mod- 
ule 310 or 311 or 312 (step 1801), the process 210 or 211 or 
212 fetches the processing completion message from the 
queue 410 or 411 or 412 provided in the associated one of 
the processing completion messaging modules 310 to 312 
(step 1802), whereupon the processing for the shared 
resource as requested by one of the processes 210 to 212 
comes to an end. 

FIG. 14 is a flow chart for illustrating the processings 
performed by the processing request messaging module 300. 
It is first to be mentioned that the processing request 
messaging module 300 is constantly in the state ready for 
reception of the processing request message. Upon reception 
of the processing request message (step 1900), the process- 
ing request messaging module 300 places the processing 
request message in the queue 400 in the order as the message 
is received (step 1901), wherein the processing request
messaging module 300 informs the serializer process 220
that the processing request has been issued.

FIG. 15 is a flow chart for illustrating the processing
performed by the serializer process 220 which is the sole
process capable of performing processing for the shared
resource. Similarly to the processing request messaging
module 300, the serializer process 220 is constantly in the
state waiting for reception of the processing request message.
Upon reception of the information concerning issuance
of a processing request from the processing request messaging
module 300 (step 2000), the serializer process 220
fetches or receives the processing request from the queue
400 incorporated in the processing request messaging module
300 (step 2001) to perform the processing on or for the
shared resource in accordance with the request (step 2002).
After completion of the processing for the shared resource,
the serializer process 220 informs the processing completion
and the result of the processing to one of the processing
completion messaging modules 310 to 312 which is associated
with one of the processes 210 to 212 which has issued
the corresponding processing request (step 2003). In the
meanwhile, the serializer process 220 checks whether the
next processing request is placed in the queue. If so, the
serializer process 220 performs the processing for the shared
resource in accordance with that processing request.
Otherwise, the serializer process 220 resumes the state ready
for reception or acceptance of the succeeding or next processing
request (step 2000).

FIG. 16 is a flow chart for illustrating the processings
performed by the processing completion messaging module
310 or 311 or 312. Each of the processing completion
messaging modules 310, 311 and 312 is set to the state
waiting for the message informing the processing completion
simultaneously with issuance of the processing request
from the associated one of the processes 210 to 212. Upon
reception of the processing completion from the serializer
process 220 (step 2100), the processing completion messaging
module places the processing completion message and
the result of the processing in the associated one of the
queues 410 to 412 (step 2101), whereupon the processing
completion messaging module 310 or 311 or 312 issues the
message indicating the processing completion to the relevant
one of the processes 210 to 212 which has issued the
processing request (step 2102).

In the case of the system illustrated in FIG. 12, it is
assumed that there exist three processes 210, 211 and 212
which request the processing for the shared resource. It goes
however without saying that the contents of the processings
are essentially invariable even when the number of the
processes requesting the shared-resource involving processing
is less or more than three.

At this juncture, it should be mentioned that the serializer
process 220 in the system shown in FIG. 12 operates
constantly in the preempt-enabled state.

Further, it should be again mentioned that the process 210,
211 or 212 performs the resource acquiring processings
mentioned above (FIG. 13) before the periodical driving
thereof is started. In other words, the process (210, 211, 212)
acquires the resource data in the state irrelevant to the
periodical driving which is started only after the resource
has been acquired due to the processing described above.

By adopting the process executing method based on the
serializer process described above, the exclusive control
(i.e., mutual exclusion control or management) need not be
performed because the process which can perform processing
directly on or for the shared resource is only one, i.e., the
serializer process. Thus, by virtue of the arrangement that
the processing for the shared resource is performed by the
preempt-enabled independent process dedicated to the processing
for the shared resource, process execution can be
accomplished without exerting any influence to the periodical
driving performance (or periodical drivability) of other
processes partaking in the continuous media processing.

As is apparent from the foregoing description, a shared
resource can be shared by the individual processes involved
in the continuous media processing or the like without
exerting any influence to the periodical drivability of the
processes in the multiprocessing environment in which the
shared resource is made use of.

Next, description will be made of an accessing method
according to another embodiment of the present invention.

§1. Configuration

Major components or modules partaking in an access
right control will be described by reference to FIGS. 17A,
17B and 17C.

A resource identifier 600 shown in FIG. 17A is an
argument of 64 bits contained in the system call issued by a
user application for using the same in the access to the
resource. Of the 64-bit argument, the leading 32 bits are used
for identifying a starting or leading address 601 of a resource
608 while the trailing 32 bits constitute generation identifying
information 602. The resource identifier 600 is generated
upon creation of the resource and used for making
access to the resource until the resource is released or
deallocated.

A resource generation counter 603 shown in FIG. 17B is
created for each of the processes upon generation thereof
and serves as a counter for recording the number of times the
resource is generated. The count value 604 of the resource
generation counter 603 is set to the initial value of zero and
incremented by one every time the resource is created.

Generation identifying information 605 shown in FIG.
17C contains leading 16 bits representing a count value 606
of the resource creation counter with the trailing 16 bits
representing a process identifier 607.

Hereinafter, the resource which contains the generation
identifying information 609 at a leading or starting location
thereof will be referred to as the resource 608.

§2. Outline of Resource Access Processing of User Application

FIG. 18 is a flow chart illustrating a flow of program for
executing the resource access processing carried out by the
method according to the instant embodiment of the
invention, which will be described below stepwise.

(1) In a step 2200, a user application issues a system call
requesting a process generating processing to the operating
system, which responds thereto by creating a resource
generation counter 603 for the process as generated.

(2) In a step 2201, the user application issues to the
operating system a system call for the resource allocation
processing.

(3) In a step 2202, the user application issues to the
operating system a system call requesting an access processing
to the resource allocated in the step 2201.

(4) In a step 2203, the user application issues to the
operating system a system call requesting a deallocation
processing of the resource allocated in the step 2201.

In the following, the processing for each of the system
calls mentioned above will be described in detail.

§2.1. Resource Allocation Processing

FIG. 19 shows a flow chart for illustrating the resource
allocation processing step 2201 shown in FIG. 18. The
resource generation counter is incremented by one (step
2300 in FIG. 19), wherein generation identifying information
creating or making processing "make_idinf" is
executed (step 2301), which is then followed by step 2302
in which a resource area allocation (or memory area
acquisition) processing "alloc_mem" is executed and step
2303 of creating an identifier "make_id" is executed.
Thereafter, the generation identifying information is stored
at leading 32 bits of the resource area as returned (step
2304).

§2.1.1. Generation Identifying Information Creating
(make_idinf) Processing

FIG. 20 shows a flow chart for illustrating the generation
identifying information creating processing in step 2301
shown in FIG. 19. Hereinafter, this processing will also be
referred to as "make_idinf" processing. The generation
identifying information is created by a pair of the resource
generation counter value and the process identifier of the
process destined for the resource generation. Referring to
FIG. 20, the process identifier is first acquired (step 2400),
wherein the resource generation counter value is placed in
the leading 16 bits while a random number value as generated
is stored in the trailing 16 bits, to thereby create or make
the 32-bit generation identifying information (step 2401).
The generation identifying information as created is returned
(step 2402).

§2.1.2. Resource Area Acquisition (Memory Allocation)
(alloc_mem) Processing

FIG. 21 shows a flow chart for illustrating the resource
acquisition (or allocation) processing in the step 2302 shown
in FIG. 19. This processing will also be referred to as
"alloc_mem" processing. Because the resource area is constituted
by a generation identifying information area and a
resource area, the resource area size added with the generation
identifying information data size of 32 bits is determined
(step 2500), wherein the resource area of the size as
determined is allocated (step 2501). Thereafter, the leading
address of the resource area (memory area) is returned (step
2502).

§2.1.3. Identifier Creating (make_id) Processing

FIG. 22 shows a flow chart for illustrating the identifier
creating processing in the step 2303 shown in FIG. 19.
Hereinafter, this processing will also be referred to as
"make_id" processing. The identifier is constituted by a pair
of the resource address and the generation identifying information.
The address of the resource acquired in resource
area allocation or "alloc_mem" processing (step 2302) is
placed at leading 32 bits while the generation identifying
information created in the generation identifying information
creating "make_id" processing (step 2301) is placed at
the trailing 32 bits, to thereby create the identifier of 64 bits
(step 2600). The identifier as created is returned as the
argument for use in making access to the resource (step
2601).

§2.2. Resource Access Processing

FIG. 23 shows a flow chart for illustrating a resource
access processing corresponding to the step 2202 in FIG. 18.
Referring to FIG. 23, the leading 32 bits of the identifier
received as the argument of the system call issued by the
user application are extracted to thereby define the resource
address while the trailing 32 bits are extracted for defining
the generation identifying information S1 (step 2700).
Subsequently, the leading 32 bits are read out from the
resource on the basis of the resource address to define the
generation identifying information S2, i.e., "read_mem"
information (step 2701), wherein the generation identifying
information S1 and S2 as extracted are compared with each
other (step 2702). Unless the comparison results in
coincidence, the access to the resource is not performed, and
an error message is returned (step 2703). On the other hand,
when the above comparison results in coincidence, then the
access processing to the resource is performed (step 2704).

§2.3. Resource Deallocation Processing

FIG. 24 is a flow chart for illustrating a resource deallocation
processing.

Similarly to the resource access processing (step 2202
shown in FIG. 18), in the resource deallocation processing
(step 2203 shown in FIG. 18), leading 32 bits of the
identifier received as the argument of the system call issued
by the user application are extracted to define the resource
address while the trailing 32 bits are extracted for the
generation identifying information S1 (step 2800).
Subsequently, the leading 32 bits are read out from the
resource to define the generation identifying information S2
"read_mem" processing (step 2801). Then, the generation
identifying information S1 and S2 mentioned above are
compared with each other (step 2802). Unless the comparison
results in coincidence, the resource is not deallocated
and a corresponding error message is returned (step 2803).
On the other hand, when the above comparison results in
coincidence, then the resource deallocation processing is
performed (step 2804).

By virtue of the methods described above, there can be
obtained advantageous effects mentioned below.

(1) As is obvious from the description concerning the
resource access processing (§2.2.), the address for accessing
the resource is contained in the identifier which is the
argument of the system call issued by the user application to
the operating system. Thus, it is possible to make access to
the resource by using the identifier in place of using the hash
function for the translation between the identifier and the
address. Consequently, overhead involved by the use of the
hash function can be diminished.

(2) Let's suppose that a process A and a process B share
a resource and that the process A has issued a system call for
deallocating the resource X. In that case, in the conventional
system, the operating system searches the identifiers contained
in the resource management data by following the
pointers, starting from the index derived by using the hash
function to thereby determine the address of the resource to
be deallocated. Further, other processes sharing the resource
X are searched to release all the process management data as
found and issue a message indicating that the resource X is
invalid. In the meantime, the operating system inhibits or
disables all the accesses to the shared resource from the user
applications.

By contrast, according to the methods of the invention,
the address of the resource can be obtained for unlocking the
resource without need for following the pointers for acquiring
the address of the resource because the address has
already been contained in the identifier of the resource X to
be deallocated. Additionally, it is apparent from the previous
description concerning the resource deallocation processing
(§2.3.), the operating system controls or manages the
resource access right on the basis of only the result of
comparison between the generation identifying information
S1 contained in the identifier assigned to the resource X and
the generation identifying information S2 stored in the
leading of the resource X. Thus, the task imposed on the
operating system is only the deallocation of the resource X.

In this manner, the duration of the state in which the
access to the resource is disabled and which makes appearance
between the successive process completion processings
can be reduced to only the time involved in deallocating the
resource X.

(3) In conjunction with the resource deallocation processing
described above, it is again assumed that a process C
generates a resource Y and allocates the created resource Y
to the address having been allocated to the resource X in the 
state in which the resource X is deallocated or released. In 
that case, the operating system issues to the process B no 
information or message indicating that the resource X has 
been deallocated. Consequently, there may arise such situation
that the process B tries to make access to the resource
Y on the basis of the address information contained in the 
identifier of the process B. However, because the identifier 
contains not only the address information but also the 
generation identifying information and because the genera- 
tion identifying information is different between the identi- 
fier assigned to the resource X and the identifier assigned to 
the resource Y, the process B trying to make access to the 
resource Y with its own identifier can not access the resource 
Y. In this manner, the illegal access can be positively 
inhibited or disabled. 
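The allocation, access and deallocation checks of §2.1 to §2.3, and the stale-identifier case of effect (3), as an added C example that is not code from the patent. Assumptions: a static arena of fixed-size slots stands in for kernel memory with byte offsets as the 32-bit address, the generation identifying information follows the FIG. 17C layout (count plus process identifier), and `E_STALE`, the `resource_*` function names and the bounds and in-use checks on the caller-supplied address are hypothetical additions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model: arena slots stand in for kernel memory (assumption);
 * the 32-bit "address" is a byte offset into the arena. */
#define SLOT_SIZE 64u
#define NSLOTS    8u
#define HDR_SIZE  4u     /* generation identifying information at the head */
#define E_STALE   (-1)   /* hypothetical error code for steps 2703 / 2803 */
static uint8_t arena[SLOT_SIZE * NSLOTS];
static uint8_t in_use[NSLOTS];

struct process { uint16_t pid; uint16_t gen_counter; };  /* counter starts at 0 */

/* make_idinf (step 2301): count in leading 16 bits, process id in trailing 16. */
static uint32_t make_idinf(const struct process *p) {
    return ((uint32_t)p->gen_counter << 16) | p->pid;
}

/* make_id (step 2303): address in leading 32 bits, generation info in trailing 32. */
static uint64_t make_id(uint32_t addr, uint32_t idinf) {
    return ((uint64_t)addr << 32) | idinf;
}

/* Resource allocation (FIG. 19). Returns 0 when no slot is free. */
uint64_t resource_alloc(struct process *p) {
    p->gen_counter++;                                      /* step 2300 */
    uint32_t idinf = make_idinf(p);                        /* step 2301 */
    for (uint32_t s = 0; s < NSLOTS; s++) {                /* step 2302 */
        if (in_use[s]) continue;   /* lowest free slot, so addresses are reused */
        in_use[s] = 1;
        memcpy(&arena[s * SLOT_SIZE], &idinf, HDR_SIZE);   /* step 2304 */
        return make_id(s * SLOT_SIZE, idinf);
    }
    return 0;
}

/* Steps 2700-2702 / 2800-2802: read S2 at the resource head, compare with S1. */
static int check_id(uint64_t id, uint32_t *addr) {
    uint32_t s1 = (uint32_t)id, s2;
    *addr = (uint32_t)(id >> 32);
    /* Added checks, not on the page: the address is caller-supplied, so it
     * must be in range, slot-aligned and allocated before it is read. */
    if (*addr >= sizeof arena || *addr % SLOT_SIZE || !in_use[*addr / SLOT_SIZE])
        return E_STALE;
    memcpy(&s2, &arena[*addr], HDR_SIZE);
    return s1 == s2 ? 0 : E_STALE;
}

/* Resource access (FIG. 23): copy len payload bytes out of the resource. */
int resource_read(uint64_t id, void *buf, uint32_t len) {
    uint32_t addr;
    if (len > SLOT_SIZE - HDR_SIZE || check_id(id, &addr) != 0) return E_STALE;
    memcpy(buf, &arena[addr + HDR_SIZE], len);             /* step 2704 */
    return 0;
}

/* Resource deallocation (FIG. 24); the slot is scrubbed before it is reused. */
int resource_free(uint64_t id) {
    uint32_t addr;
    if (check_id(id, &addr) != 0) return E_STALE;          /* step 2803 */
    memset(&arena[addr], 0, SLOT_SIZE);                    /* step 2804 */
    in_use[addr / SLOT_SIZE] = 0;
    return 0;
}

/* Effect (3): B still holds X's identifier after A frees X and C's resource Y
 * lands on the same address. Returns 1 when B's stale identifier is refused. */
int stale_identifier_rejected(void) {
    struct process a = { .pid = 1 }, c = { .pid = 3 };
    char buf[8];
    uint64_t x = resource_alloc(&a), b_copy = x;
    resource_free(x);
    uint64_t y = resource_alloc(&c);
    int ok = (y >> 32) == (b_copy >> 32)
          && resource_read(b_copy, buf, sizeof buf) == E_STALE
          && resource_free(b_copy) == E_STALE
          && resource_read(y, buf, sizeof buf) == 0;
    resource_free(y);
    return ok;
}
```

Because the count field is 16 bits wide, one process's generation values repeat after 65,536 allocations, so in this model a long-held stale identifier can match again once the counter wraps.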
§3. Other Embodiments 

Many features and advantages of the present invention are
apparent from the detailed description and thus it is intended
by the appended claims to cover all such features and 
advantages of the system which fall within the true spirit and 
scope of the invention. Further, since numerous modifica- 
tions and combinations will readily occur to those skilled in 
the art, it is not intended to limit the invention to the 
construction and operation illustrated and described. 
Accordingly, all suitable modifications and equivalents may 
be resorted to, falling within the spirit and scope of the 
invention. Modifications of the embodiments described 
above will be mentioned below. 
§3.1. System Utilizing System Clock 

Upon starting-up of the system, a 32-bit system clock is 
generated for holding the time as lapsed on a 10-μ second
basis. 

When a resource is created, the value of the system clock 
is fetched as the generation identifying information which is 
then stored at a leading address of the resource. An identifier 
of 64 bits is created which is composed of 32 MSB (more 
significant bits) corresponding to the address of the resource 
and 32 LSB (less significant bits) corresponding to the 
generation identifying information. 

For making access to the resource, the generation iden- 
tifying information is extracted from the identifier trans- 
ferred as the argument of the system call from the user 
application to the operating system, wherein the extracted 
generation identifying information is compared with the 
generation identifying information stored at the leading or 
starting address of the resource. When this comparison 
results in coincidence, the access to the resource is enabled, 
i.e., allowed. On the contrary, when the comparison shows 
discrepancy, the access to the resource is disabled or inhib- 
ited with an error message being returned. 
§3.2. System Utilizing Counter 

When the system is activated, a single 32-bit counter is 
generated in the system for counting the number of times 
which resources are generated, and an initial value "0" is 
inputted to the counter as the generation identifying infor- 
mation. 

Upon creation of a resource, the above-mentioned gen- 
eration identifying information is incremented by one and 
stored at the starting or leading address of the resource. 
Subsequently, a 64-bit identifier is created which includes 
more significant 32 bits corresponding to the address of the 
resource and less significant 32 bits corresponding to the 
generation identifying information. 

For accessing the resource, the resource access processing
is performed by using the identifier mentioned above similarly
to the processing described in the section §3.1.

Further, the resource accessing methods described above
by reference to FIGS. 17A to 23 allow to structure a safe
system which inhibits or disables the invalid access to the
shared resource by applying the accessing method to the
processing steps 1302 and 1306 shown in FIG. 7. This
shared resource accessing method will be described below.

For the shared resource allocation, the processing illustrated
in FIG. 19 is executed for effecting the shared resource
allocation. At that time, the identifier assigned to the shared
resource is held to check the validity of the shared resource
by using this identifier upon access to the shared resource.

Next, a shared resource accessing method will be 
described below. 

When the processings 1302 and 1306 shown in FIG. 7 are
executed for carrying out the shared resource access
processing, processing illustrated in FIG. 23 is executed for
validating the access to the shared resource. At first, before
making access to the shared resource, the generation identifying
information (602 in FIG. 17A) stored in the identifier
is compared with the generation identifying information
(609 in FIG. 17A) of the shared resource (step 2702 in FIG.
23).

When coincidence is found between both the generation
identifying information, it is then decided that the identifier
of the shared resource is valid, i.e., the resource address (601
in FIG. 17A) contained in the identifier is valid.
Accordingly, access is made to the shared resource by using
the resource address to perform the processing for the shared
resource.

On the contrary, when discrepancy is found between both
the generation identifying information mentioned above,
this means that the identifier of the shared resource is
invalid. More specifically, assuming, by way of example,
that discrepancy of the generation identifying information
occurs in the processing step 1306 shown in FIG. 7, this
means that the shared resource is deallocated for some
reason during the preempt-enable interval intervening
between the release of the preempt disabled-state (step 1303
in FIG. 7) in succession to the completion of the processing
1302 shown in FIG. 7 and the next preempt disabling (step
1305 in FIG. 7). Thus, the address of the resource (shared
resource) as contained in the identifier is invalid.
Consequently, the access to the shared resource is suspended
and an error processing (step 2703 in FIG. 23) is carried out.
In the error processing, the preempt disabling or inhibition
and/or abort disabling may be cleared as occasion requires.

Owing to the processing method described above, deallocating
of the shared resource carried out outside of the
preempt-disabled interval can be detected. Besides, the
access to the invalid resource which may occur in accompanying
the above-mentioned shared resource deallocating
can be prevented for thereby protecting the resource from
being destroyed. In this way, it is possible to structure a
system capable of processing the shared resource with
enhanced security even when the preempt enable interval is
set in the shared resource processing interval or section.

As will now be appreciated from the foregoing
description, according to the teachings of the invention
disclosed herein, overhead involved in the translation
between the address and the identifier as well as search for
checking the presence/absence of the access right can be
reduced with the access performance being correspondingly
enhanced. Besides, the resource-access disabled interval or
section taking place upon completion of the process can be
shortened. Additionally, the resource can be protected
against destruction due to the illegal access to the resource
from the process imparted with no resource access right.

What is claimed is:

1. A process executing method for executing a given one
of a plurality of processes in a computer system by using one
shared resource which is accessed by said plurality of
processes executed on a processor, said method comprising
the steps of:

a) disabling abortion of said given one process;

b) disabling preemption of said given one process;

c) processing said shared resource for use by said given
one process after disabling preemption, and enabling
preemption after processing said shared resource;

d) disabling preemption before succeeding processing
said shared resource and enabling preemption after
processing said shared resource;

e) enabling abortion of said given one process after
enabling preemption; and

f) after enabling abortion, executing a forcive termination
request issued for said given one process during a
period in which said given one process was in an
abort-disabled state.

2. A process executing method according to claim 1,
further comprising the steps of:

registering processing requests for use of said shared
resource issued by processes other than said given one
process into a first queue;

retrieving one of the processing requests registered in said
first queue by said given one process;

after performing said steps a) to e), registering a completion
message informing completion of said one of the
processing requests into a second queue; and

retrieving said completion message registered in said
second queue by a process which issued said one of the
processing requests.
